Vulnerability Details : CVE-2018-18541
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.
Vulnerability category: Input validation
Products affected by CVE-2018-18541
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:teeworlds:teeworlds:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-18541
- 1.60%: Probability of exploitation activity in the next 30 days
- ~ 87 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-18541
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-18541
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-18541
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00046.html
  [security-announce] openSUSE-SU-2019:1793-1: moderate: Security update f
- https://teeworlds.com/?page=news&id=12544
  Teeworlds (Vendor Advisory)
- https://bugs.debian.org/911487
  #911487 - teeworlds: CVE-2018-18541: remote denial-of-service - Debian Bug report logs (Mailing List; Patch; Third Party Advisory)
- https://github.com/teeworlds/teeworlds/issues/1536
  CVE: Remote denial-of-service fixed in 0.6.5 · Issue #1536 · teeworlds/teeworlds · GitHub (Patch; Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html
  [security-announce] openSUSE-SU-2019:1999-1: moderate: Security update f
- https://www.debian.org/security/2018/dsa-4329
  Debian -- Security Information -- DSA-4329-1 teeworlds (Third Party Advisory)